I am an idiot, sorry, I was missing this:

${IPTABLES} -t nat -A POSTROUTING -s ${DMZ_IP_RANGE} -j MASQUERADE

Greg

On 09/02/06, Greg Cope <gregcope@xxxxxxxxx> wrote:
> Hi All,
>
> I have a simple firewall/router.
>
> Behind are a few servers.
>
> I need to be able to:
>
> - Let clients use external DNS (does not work)
> - ssh onto firewall (works)
> - NAT packets onto webservers behind firewall (works)
>
> This is a simple problem, but I can't seem to crack it - please can
> someone point out my stupidity.
>
> Some of the rules I have:
>
> ${IPTABLES} -A INPUT -p udp -s ${EXT_DNS_IP} --source-port 53 -d ${DMZ_IP_RANGE} -j ACCEPT
> ${IPTABLES} -A INPUT -p udp -s ${EXT_DNS_IP2} --source-port 53 -d ${DMZ_IP_RANGE} -j ACCEPT
> ${IPTABLES} -A FORWARD -p udp -s ${EXT_DNS_IP} -d ${DMZ_IP_RANGE} --sport 53 -j ACCEPT
>
> What am I missing?
>
> Snipped output of iptables -nvL -t filter:
>
> Chain INPUT (policy DROP 0 packets, 0 bytes)
>  pkts bytes target        prot opt in     out     source               destination
>   119  8981 ACCEPT        all  --  eth1   *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
>     6   680 ACCEPT        all  --  eth0   *       0.0.0.0/0            0.0.0.0/0
>     0     0 ACCEPT        all  --  lo     *       0.0.0.0/0            0.0.0.0/0
>     0     0 icmp_packets  icmp --  eth1   *       0.0.0.0/0            0.0.0.0/0
>     0     0 DROP          all  --  eth1   *       192.168.0.0/16       0.0.0.0/0
>     0     0 DROP          all  --  eth1   *       127.0.0.0/8          0.0.0.0/0
>     0     0 ACCEPT        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 flags:0x16/0x02
>     0     0 ACCEPT        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22 flags:0x16/0x02
>     0     0 ACCEPT        udp  --  *      *       195.40.1.36          192.168.0.0/16      udp spt:53
>     0     0 ACCEPT        udp  --  *      *       195.184.228.6        192.168.0.0/16      udp spt:53
>     0     0 DROP          udp  --  *      *       0.0.0.0/0            0.0.0.0/0
>     1    40 DROP          tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x16/0x02
>     0     0 LOG           all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 7 prefix `INPUT DENY: '
>
> Chain FORWARD (policy DROP 0 packets, 0 bytes)
>  pkts bytes target        prot opt in     out     source               destination
>     8   536 ACCEPT        all  --  eth0   eth1    0.0.0.0/0            0.0.0.0/0
>     0     0 ACCEPT        all  --  eth1   eth0    0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
>     0     0 ACCEPT        tcp  --  *      *       0.0.0.0/0            192.168.0.0/16      tcp dpt:22 flags:0x16/0x02
>     0     0 ACCEPT        tcp  --  *      *       0.0.0.0/0            192.168.0.0/16      tcp dpt:80 flags:0x16/0x02
>     0     0 ACCEPT        udp  --  *      *       195.40.1.36          192.168.0.0/16      udp spt:53
>     0     0 LOG           all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 7 prefix `FORWARD DENY: '
>
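For readers who land on this thread with the same symptom, here is a complete version of the setup the thread describes, written as an added example (it is not Greg's script). It rebuilds the filter rules implied by the quoted iptables -nvL output and adds the POSTROUTING MASQUERADE rule that turned out to be missing. Assumptions, not stated in the thread: eth1 faces the Internet and eth0 the servers (inferred from the in/out columns of the quoted output), and WEB_IP is a made-up address for the web server behind the firewall. Without APPLY=1 the script only prints the commands it would run, so the ruleset can be reviewed on any machine without root or netfilter.

```shell
#!/bin/sh
# Added example, not the script from the thread. Rebuilds the ruleset implied
# by the quoted "iptables -nvL" output and adds the missing POSTROUTING
# MASQUERADE rule. Interface roles and WEB_IP are assumptions (see below).
# Without APPLY=1 the commands are printed instead of executed.

EXT_IF=eth1                  # assumption: Internet-facing interface
DMZ_IF=eth0                  # assumption: interface toward the servers
DMZ_IP_RANGE=192.168.0.0/16  # from the quoted output
EXT_DNS_IP=195.40.1.36       # from the quoted output
EXT_DNS_IP2=195.184.228.6    # from the quoted output
WEB_IP=192.168.1.10          # assumption: made-up address of the web server

# Execute a command for real when APPLY=1, otherwise just print it.
run() {
    if [ "${APPLY:-0}" = 1 ]; then
        "$@"
    else
        echo "$*"
    fi
}

rules() {
    run sysctl -w net.ipv4.ip_forward=1

    run iptables -F
    run iptables -t nat -F
    run iptables -P INPUT DROP
    run iptables -P FORWARD DROP
    run iptables -P OUTPUT ACCEPT

    # INPUT: traffic addressed to the firewall itself.
    run iptables -A INPUT -i lo -j ACCEPT
    run iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    run iptables -A INPUT -i "$DMZ_IF" -s "$DMZ_IP_RANGE" -j ACCEPT
    # Anti-spoofing: private and loopback sources never arrive on the outside.
    run iptables -A INPUT -i "$EXT_IF" -s 192.168.0.0/16 -j DROP
    run iptables -A INPUT -i "$EXT_IF" -s 127.0.0.0/8 -j DROP
    run iptables -A INPUT -i "$EXT_IF" -p tcp --syn --dport 22 -j ACCEPT
    run iptables -A INPUT -j LOG --log-prefix "INPUT DENY: "

    # FORWARD: between the servers and the Internet. Replies to anything the
    # servers initiate (DNS lookups included) match RELATED,ESTABLISHED, so no
    # stateless "--sport 53" accept rule is needed.
    run iptables -A FORWARD -i "$DMZ_IF" -o "$EXT_IF" -s "$DMZ_IP_RANGE" -j ACCEPT
    run iptables -A FORWARD -i "$EXT_IF" -o "$DMZ_IF" -m state --state RELATED,ESTABLISHED -j ACCEPT
    run iptables -A FORWARD -i "$EXT_IF" -o "$DMZ_IF" -p tcp --syn -d "$WEB_IP" --dport 80 -j ACCEPT
    run iptables -A FORWARD -j LOG --log-prefix "FORWARD DENY: "

    # Inbound NAT: port 80 on the firewall's public address goes to the web server.
    run iptables -t nat -A PREROUTING -i "$EXT_IF" -p tcp --dport 80 -j DNAT --to-destination "$WEB_IP"

    # The missing rule. Without it, packets from the servers leave eth1 with a
    # private source address; the DNS server's replies are sent to that
    # unroutable address, never come back, and never become ESTABLISHED.
    run iptables -t nat -A POSTROUTING -s "$DMZ_IP_RANGE" -o "$EXT_IF" -j MASQUERADE
}

# Print the ruleset without applying it, whatever APPLY is set to.
list_rules() (
    APPLY=0
    rules
)

# Check for the fix: exactly one MASQUERADE rule, for the DMZ range, bound to
# the external interface.
has_masquerade() {
    [ "$(list_rules | grep -c -- "-t nat -A POSTROUTING -s $DMZ_IP_RANGE -o $EXT_IF -j MASQUERADE")" -eq 1 ]
}

rules
```

Two points worth noting about the design. MASQUERADE is restricted with -o to the external interface, so traffic between the server network and the firewall is never rewritten; the one-line version from the reply above rewrites on every outgoing interface. And the stateless rules from the original post that accept UDP with source port 53 towards 192.168.0.0/16 are deliberately absent: once the outbound query has been masqueraded, the reply matches RELATED,ESTABLISHED, and a rule keyed only on a source port lets anyone able to send from port 53 on those addresses reach the whole range.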